While many crypto exchanges have seemingly embraced the use of proof-of-reserves (PoR) to showcase their transparency and reassure nervous users, crypto analyst Martin Hiesboeck insists such so-called proofs are susceptible to manipulation or misrepresentation. He added that PoRs alone are not a suitable method of verifying an exchange’s reserves because they do not “account for liabilities and off-chain assets at all.”
PoR May Be ‘Misleading and Deceptive’
Following the collapse of FTX in November, trust in centralized exchanges ebbed, with many users rushing to move their assets off of such platforms. This, in turn, sparked a rush by crypto exchanges to present or publish their proof-of-reserves (PoR).
Seen as an emergency response to the confidence crisis created by FTX’s fall, PoR Merkle trees have seemingly become the de-facto standard measure used to project a crypto exchange’s transparency. Proponents of PoR assert that using this audit method reassures users that a crypto exchange is not misusing their funds.
However, despite their apparent embrace by many in the crypto industry, presenting PoR audits alone may not prove that an exchange is not misusing client funds. It is also alleged that some crypto exchanges are lending each other funds just prior to an audit and returning these immediately after a PoR has been presented.
To critics like Martin Hiesboeck, a crypto analyst and head of blockchain and crypto research at the multi-asset digital trading platform Uphold, PoRs are not suitable tools for proving the status of an exchange’s reserves because they do not “account for liabilities and off-chain assets at all.” This according to Hiesboeck makes PoRs “at best incomplete, at worst misleading and deceptive.”
Commenting on why some in the crypto space have seemingly endorsed PoRs, Hiesboeck told Bitcoin.com News:
“The Merkle Tree PoR has seen increased adoption and interest in the past few weeks due to shaken trust in centralized exchanges. CEXs [centralized exchanges] needed a fast and public ’emergency response’ to restore public and user trust, and this is why the so-called Proof of Reserves method became so popular and is currently touted as the best way to prove an exchange’s transparency — at least on paper.”
Nevertheless, Hiesboeck notes that PoRs have two issues that make them susceptible to manipulation or misrepresentation. One is what Hiesboeck describes as the inherent opaqueness of a Merkle Tree model. This model by design “allows for the verification of certain data without divulging its contents.”
For centralized exchanges using this model, it means their respective auditors can publish a “legitimate snapshot” of a crypto exchange platform’s reserves. Explaining why he finds this problematic, Hiesboeck said:
Regular onlookers have no means to verify the results of PoRs nor assurance that funds weren’t moved from these addresses immediately after the audit. To solve this issue, at least partially, there needs to be some kind of a real-time independent reserve monitoring system to provide up-to-date information over time.
The exclusion of an exchange’s outstanding liabilities in PoRs is another issue making them a less reliable way of verifying or ascertaining a crypto exchange platform’s financial well-being. Therefore presenting or publishing a crypto exchange’s assets without also revealing its liabilities does not provide an accurate picture of the platform’s financial health, Hiesboeck argued.
“Many exchanges that have published PoRs don’t include such information, meaning they are non-transparent. Nor do they reflect any custodians’ off-chain assets and where these funds originated from,” he added.
Still, despite Hiesboeck and other critics’ arguments against the use of this model, PoRs appear to have gained traction. As reported by Bitcoin.com News, several large crypto exchanges have presented audits based on the Merkle tree model. Binance, one of the world’s largest crypto exchange platforms, recently published its PoR for bitcoin. The snapshot suggested that Binance’s BTC reserves were slightly more than net user balances.
Meanwhile, when asked if there is a better alternative verification method, Hiesboeck replied:
“The only alternative to a Merkle Tree PoR is a system that provides a combination of reserves and liabilities. It should include proof that the operating entities are domiciled in the right jurisdictions and that any attestation has been subject to review by an external auditing firm.”
What are your thoughts on this story? Let us know what you think in the comments section below.